Security issue using QVS with IIS

Our customer is testing to embed QV Server (v9 SR5 x64) access point in his own software. We've installed QV Server on a Win2008 machine with IIS as webserver. During Qlikview installation the QV Webserver component was deselected, so the QV web server service wouldn't be installed. In QMS we've configured QV Server to use NTFS authentication. The Qlikview admin account is used for testing and has full access on all QV document folders.

But, when we try to open the portal by browsing to http://localhost/qlikview, we receive the messige 'authentication failed'. When we add QV webserver to the Qlikview installation and browse again to the QV portal, all documents are shown.

Is it possible to use QV Webportal without the QV webserver service installed? If not, why? If yes, how do we configure this?

Security issue using QVS with IIS

Hi Patrick,It is possible to run QVS with IIS, without installing QVWS so you're on the right track. You don't need to install QVWS, even though I know many do, and then stop the service. Personally I rather go for a clean installation as possible (i.e. no services should be installed if not required).

After completing the installation, first verify the creation of virtual folders in IIS manager. There should be a bunch of them, /qlikview, /QvAJAXZfc etc.The next step would be to check the security settings for the virtual folders in IIS. I prefer to do this on the root-folder for the web site and set it to IWA (Integrated Windows Authentication) and disable Anonymous access. I then make sure the security settings are inherited to each virtual folder.

Now you need to create a new application pool in IIS. The account used for the application pool identity must be a member of the local QlikView Administrators group.Move the virtual folder /QvAJAXZfc to the new application pool (see QVS ref. manual for a complete description depending on version of IIS).

Once set up correctly, go into the virtual folder /QvAJAXZfc and select the file AccesspointSettings.aspx. Make sure you can browse this file in IE, without being prompted for credentials. If you do get prompted, notice the active zone in IE. It should be Local Intranet, not Internet (as IWA is not supported in the Internet zone). If the zone is wrong, add the site to the Local intranet zone in IE.

Now, go into QEMC and the tab for the services settings (QVS, DS, DSC, QVWS). Expand web servers and select your QlikView Web Server. In the right pane you will see the default URL to the QVWS. Change this URL to http://localhost/QvAJAXZfc/AccesspointSettings.aspx. If everything is set up properly you will see that settings for Accesspoint etc will be available.

You're done, now you should be able to configure Accesspoint settings etc from QEMC. As a side-note, the settings will be written into the same config-file as for QVWS (%programdata%\Qlikview\QlikViewWebServer).

Security issue using QVS with IIS

Thanks. Stefan.

I done it and I see good picture in QEMC - I see tabs for AccessPoint, Ajax and Web in the Qlikview Web Servers settings.

but I got another problem - my users can not open qvw documents through AccessPoint now. AP doesn't accept their user credentials (login / password). I think problems in IIS settings, but I don't know what I should change.

Security issue using QVS with IIS

The reason why it works when running both servers is that QvWebServer will override IIS and take the requests. That will work just fine for the Accesspoint, but if QvWebServer gets a URL request to an aspx page (which it cannot process, or find, for that matter) error occurs. If running IIS - don't run QvWebServer.

Make sure you have set the web site in IIS to have Windows Authentication = Enabled, and Anonymous Authentication = Disabled.